Broadened Telehealth Services and Relaxed HIPAA Enforcement During the Coronavirus Public Health Crisis

In trying to stop the passing on of the 2019 novel coronavirus, patients believed of having exposure to the virus and people having signs of COVID-19 were advised to self-isolate at home. It is vital for contact to be minimized with vulnerable people, particularly elderly people and individuals with medical conditions.

Telehealth services, such as video calls, are helpful tools for healthcare experts when checking and treating patients remotely to lessen the probability of transmission of the coronavirus. Telehealth services may also be utilized to continue contact with patients who decide not to go to the clinical facilities considering the possibility of virus exposure.

On March 16, 2020, the Trump Government declared the expanded telehealth products for Medicare beneficiaries. Before this announcement, health professionals were just able to get payment for telehealth services given to persons located in rural places and without access to local clinical facilities and for patients with identified relationships with payment providers.

Now Medicare beneficiaries throughout the land regardless of where they reside can now get a number of services by telehealth without needing to leave home. The services may also be provided in nursing homes and hospital outpatient sections.

Starting March 6, 2020, Medicare will repay many medical providers for office and telehealth consultations, such as nurses, social personnel, and clinical psychologists. Repayment will be at a similar rate as face-to-face appointments.

Relaxation of Enforcement of Noncompliance with HIPAA

Telehealth services are under HIPAA rules. The technology employed, like mobile phone and communications platforms, should adhere to HIPAA regulations and have controls set up to make certain the confidentiality, integrity, and availability of ePHI. At the time of a public health crisis like an outbreak of a disease, the HIPAA Security Rule continues to be in force. Healthcare experts that deliver telehealth services would, under typical scenarios, not be allowed to utilize particular video conferencing tools that include Facetime or Skype, because the services aren’t completely HIPAA-compliant.

The HHS’ Office for Civil Rights made an announcement on March 17, 2020 that it is implementing a more lenient position on HIPAA implementation of noncompliance with particular HIPAA conditions associated with telehealth services. According to OCR’s Notification of Enforcement Discretion for telehealth, OCR will utilize its prudence in enforcement and won’t issue penalties for noncompliance with the HIPAA Rules against covered health care providers connected with the good faith provision of telehealth throughout the COVID-19 countrywide public health emergency. This advisory is effective instantly.

OCR affirmed that because of the coronavirus public health emergency, healthcare workers are allowed to employ non-public facing remote communication system that is available to connect with patients in correlation with good faith provision of telehealth. The discretion in enforcement additionally is applicable to telehealth services corresponding to the diagnosis and treatment of medical ailments not related to COVID-19. Although enforcement has been relaxed, it is still essential for covered entities to keep on the enforcement of appropriate safety precautions to secure patient data against intentional or accidental impermissible uses and disclosures.

Although OCR is not going to endorse using particular products, it was recommended that healthcare providers can utilize Facebook Messenger video chat, Apple FaceTime, Google Hangouts video, or Skype. Not allowed public-facing chat and communications programs for telehealth use include TikTok, Facebook Live, and Twitch.

OCR cautioned covered entities that they could get better privacy protections by simply utilizing HIPAA-compliant video communications tools and must get a signed business associate agreement. Companies of platforms that have BAAs and give a HIPAA compliant service are Skype for Business, Updox, TigerConnect, Zoom for Healthcare and VSee.

OCR is not going to issue penalties against covered medical care providers for having no a BAA with video communication providers or any other noncompliance with the HIPAA Rules that pertain to the good faith provision of telehealth services throughout the COVID-19 countrywide public health emergency. Any time the public health emergency concludes, penalties will apply if without a BAA and non-HIPAA compliant communications programs are employed.